[ home ]  [ private ]  [ 0Day ]  [ discount ]  [ Get Gold ]  [ platforms ]  [ pentest ]  [ search ]  [ faq ]  [ contact ]  [ style ]  [ Prices in Gold ]   db: 39 535    
0day Today Exploit DB Official Facebook
0day Today Exploit DB Official Twitter
0day Today Exploit DB Official RSS Channel
Tor
We DO NOT use Telegram or any messengers / social networks!
We DO NOT use Telegram or any messengers / social networks!

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

 
0day.today - Biggest Exploit Database in the World.
Select your language:  
English
English
Русский
Русский
Deutsch
Deutsch
Türkçe
Türkçe
Français
Français
Italiano
Italiano
Español
Español
Romania
Romania
Polskie
Polskie
العربية
العربية
Japan
Japan
China
China
Things you should know about 0day.today:
  • We use one main domain: http://0day.today
  • Most of the materials is completely FREE
  • If you want to purchase the exploit / get V.I.P. access or pay for any other service,
    you need to buy or earn GOLD
We accept currencies: [contact admin to find more]
           
We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
I am registered user of 0day.today. I don't want to see this screen in future.
What to do first?
  1. Read the [ agreement ]
  2. Read the [ Submit ] rules
  3. Visit the [ faq ] page
  4. [ Register ] profile
  5. Get [ GOLD ]
  6. If you want to [ sell ]
  7. If you want to [ buy ]
  8. If you lost [ Account ]
  9. Any questions [ admin@0day.today ]


Main links


You can contact us by

Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
Mail:
mr.inj3ct0r@gmail.com
Facebook:
Inj3ct0rs
Twitter:
Inj3ct0r
Telegram:
We DO NOT use Telegram or any messengers / social networks!
0day Today Exploits Market and 0day Exploits Database

SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management Vulnerability

Author
Karn Ganeshen
Risk
[
Security Risk High
]
0day-ID
0day-ID-28939
Category
web applications
Date add
01-11-2017
CVE
CVE-2017-12728
Platform
windows
Vendor: SpiderControl
Equipment: SCADA Web Server
Vulnerability: Improper Privilege Management

Advisory URL
https://ipositivesecurity.com/2017/10/28/ics-spidercontrol-scada-web-server-improper-privilege-management-vulnerability/

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-250-01

CVE-ID
CVE-2017-12728

------------------------
AFFECTED PRODUCTS
------------------------

The following versions of SCADA Web Server, a software management platform,
are affected:
SCADA Web Server Version 2.02.0007 and prior.

------------------------
BACKGROUND
------------------------
Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Europe
Company Headquarters Location: Switzerland

------------------------
IMPACT
------------------------
Successful exploitation of this vulnerability could allow authenticated
system users to escalate their privileges under certain conditions.

------------------------
VULNERABILITY OVERVIEW
------------------------

IMPROPER PRIVILEGE MANAGEMENT CWE-269

Authenticated, non-administrative local users are able to alter service
executables with escalated privileges which could allow an attacker to
execute arbitrary code under the context of the current system services.

CVE-2017-12728 has been assigned to this vulnerability. A CVSS v3 base
score of 5.3 has been assigned; the CVSS vector string is
(AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).


------------------------
Vulnerability Details
------------------------

1. Untrusted Users Can Modify Windows Service Executables
It is possible for non-administrative local users to replace some of the
Windows Service executables with malicious programs. This could be abused
to execute programs with the privileges of the Windows services concerned.

The programs below have FILE_WRITE, WRITE_DAC or WRITE_OWNER permission
granted to non-administrative users:

SCADA Server (SCADAServer) runs the following program as LocalSystem:

C:\WWW\ScadaWindowsService.exe: ALLOW \Everyone: FILE_WRITE_DATA
C:\WWW\ScadaWindowsService.exe: ALLOW NT AUTHORITY\Authenticated Users:
FILE_WRITE_DATA

2. Delete Permission Granted On Windows Service Executables
It is possible for non-administrative local users to delete some of the
Windows Service executables with malicious programs. This could lead to
disruption or denial of service.

The programs below have DELETE permission granted to non-administrative
users:

SCADA Server (SCADAServer) runs the following program as LocalSystem:

C:\WWW\ScadaWindowsService.exe: ALLOW \Everyone: DELETE
C:\WWW\ScadaWindowsService.exe: ALLOW NT AUTHORITY\Authenticated Users:
DELETE

3. Append Permission Granted Windows Service Executables
It is possible for non-administrative local users to append to some of the
Windows Service executables with malicious programs. This is unlikely to be
exploitable for .exe files, but is it bad security practise to allow more
access than necessary to low-privileged users.

The programs below have FILE_APPEND permission granted to
non-administrative users:

SCADA Server (SCADAServer) runs the following program as LocalSystem:

C:\WWW\ScadaWindowsService.exe: ALLOW \Everyone: FILE_APPEND_DATA
C:\WWW\ScadaWindowsService.exe: ALLOW NT AUTHORITY\Authenticated Users:
FILE_APPEND_DATA


+++++
Best Regards,
Karn Ganeshen

#  0day.today [2024-09-29]  #
0day Today Exploit Database buy and sell exploits type (local, remote, DoS, PoC, etc.)
Send all submissions to mr.inj3ct0r[at]gmail.com
Copyright © 2008-2024 0day Today Team